Computer Threats

OBJECTIVES:

1. Describe accurately at least six threats to a computer network

2. Identify correctly whether a computer network threat has compromised the

availability, integrity, or confidentiality of a company’s resources and services

Computer threats refer to anything that has the potential to cause harm to a computer system.

A threat is something that may or may not happen, but has the potential to cause serious

damage.

1. Eavesdropping is an electronic attack where digital communications are intercepted

by an individual whom they are not intended for.

2. Industrial Espionage is an occasion when one company steals secrets from another

company with which it is competing.

3. Spam refers to the use of electronic messaging systems to send out unrequested or

unwanted messages (emails) in bulk.

4. Identity theft is the act of illegally obtaining someone’s personal information such

as full name, maiden name, address, date of birth, social security number, passwords,

phone number, e-mail, and credit card numbers. The thief can then use this

information to gain access to bank accounts, e-mail, cell phones, identify themselves

as you, or sells your information.

5. Credit card fraud is the act of someone illegally using another person’s credit card

to make purchases without their permission.

6. Botnet is alternatively referred to as a zombie network, a botnet (bot network) is a

group of infected computers that are under the control of one or more individuals. The

infected computers are used to perform tasks impossible for a single computer, such
 as distributing millions of SPAM e-mail’s or a Distributed Denial of Service (DDoS)

attack.

7. Denial of Service attack is a method of attacking a networked computer by sending it

an abnormally high number of requests, causing its network to slow down or fail.

These attack are normally run from multiple computers infected by worms or zombie

computers for a DDoS.

8. Phishing is a term used to describe a malicious individual or group of individuals

who scam users. They do so by sending e-mails or creating web pages that are

designed to collect an individual’s online bank, credit card, or other login information.

Because these e-mails and web pages look like legitimate companies users trust them

and enter their personal information.

9. Pharming is a web page that has been created to deceive visitors into believing that is

another company’s web page. For example, a user may create a web page that appears

to be for a specific bank, requesting a username and password for login. However, if

information is entered into this page, it is captured by the person who created it.

Consequently, they may use this info on an actual bank site, gaining access to a

person’s bank account.

10. Malware is malicious software designed to change your settings, delete software,

cause errors, watch browsing habits, or open computer to attacks. It uses deceptive

and unethical tactics to install itself on your computer without your consent.

● Logic Bomb is a piece of code inserted into an operating system or software

application that implements a malicious function after a certain amount of time, or

specific conditions are met. They perform actions like corrupting or altering data,

reformatting a hard drive, and deleting important files.

data, send e-mail, display messages, or some combination of these actions. When

the virus is executed, it spreads by copying itself into or over data files,

programs.

● Worm is a destructive self replicating program containing code capable of

gaining access to computers or networks. Once in the computer or network, the

worm causes harm by deleting, modifying, distributing, or otherwise manipulating

data.

● Trojan Horse is a program that appears to be something safe but is performing

tasks such as giving access to your computer or sending personal information to

other computers.

● Spyware is a term used to describe a program designed to gather information

about a user’s activity secretly. Spyware programs are often used to track users’

habits to target them with advertisements better.

● Key logger is alternatively referred to as a keystroke logger, a key logger is a

software program or hardware device that is used to monitor and log each of the

keys a user types into a computer keyboard. The user who installed the program or

hardware device can then view all keys typed in by any computer user.

C-I-A stands for Confidentiality, Integrity and Availability – these security concepts help to

guide cyber security policies.

users could be applications, processes, other systems and/or humans. When designing a

system, adequate control mechanisms to enforce confidentiality should be in place, as well as

policies that dictate what authorized users can and cannot do with the data.

Integrity is the ability to ensure that a system and its data has not suffered unauthorized

modification. Integrity protection protects not only data, but also operating systems,

applications and hardware from being altered by unauthorized individuals.

Availability guarantees that systems, applications and data are available to users when they

need them. The most common attack that impacts availability is denial-of-service in which

the attacker interrupts access to information, system, devices or other network resources. A

denial-of-service in an internal vehicular network could result in an ECU not being able to

access the information needed to operate and the ECU could become nonoperational or even

worst it could bring the system to an unsafe state.

Class Activity
Indicate whether the Computer Network Threat affects the availability, integrity
OR confidentiality of a company’s resources and services. (Indicate with a YES under the
correct columns)

Computer
Availabilit Integrity
network Confidentiality
y (Honesty)
threat
Denial of

service

Pharming

Identify Theft

Eavesdropping

Botnet

Key logger

Industrial

Espionage